Chinese Army linked to hacks of U.S.
An “overwhelming percentage” of cyber attacks on U.S. corporations, government agencies, and organizations originate from a 12-story office tower on the outskirts of Shanghai that’s connected to the People’s Liberation Army, according to an extensive New York Times report.
The newspaper cites a 60-page report by U.S. security firm Mandiant that traces the activities of a sophisticated Chinese hacking group, known in some circles as “Comment Crew” or “Shanghai Group,” to the headquarters of PLA Unit 61398. The report notes that a body of digital forensic evidence led investigators to the building’s doorstep, but investigators were unable to confirm that the hackers were inside the building.
However, Mandiant argues that there is only one realistic explanation for the large number of attacks emanating from such a small neighborhood populated with restaurants and massage parlors.
“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the Times, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
As part of its report, Mandiant also released a highly detailed video (see below) it says shows actual attacker sessions conducted by a hacker group in China Mandiant calls Advanced Persistent Threat group 1, or APT1.
“Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” Mandiant wrote.
Chinese authorities told the Times that their country does not engage in computer hacking.
The probe came after the newspaper revealed last month that it was the victim of a four-month cyberattack in which hackers stole the passwords of its employees in an effort to get information on sources and contacts for a story on Chinese Prime Minister Wen Jiabao. According to the Times, the methods these hackers used were similar to those seen in past attacks by the Chinese military.
The Wall Street Journal and Washington Post also reported being the victims of similar hacks. The Times had hired Mandiant to investigate its own breach, but the firm found that Comment Crew was not responsible for that attack.
Mandiant said it had been tracking Comment Crew for more than six years and had traced their activities to IP addresses that were registered in the same neighborhood as Unit 61398’s building.
“It’s where more than 90 percent of the attacks we followed come from,” Mandia told the Times.
The report comes out as the U.S. begins a more aggressive policy of cyber defense against hackers like those suspected to be in China. Under a long-anticipated executive order signed last week by President Obama, companies will be allowed to share confidential information such as hackers’ unique digital signatures with intelligence agencies without oversight.